GHSA-p62r-jf56-h429

Опубликовано: 03 сент. 2020

Источник: github

Github: Прошло ревью

Описание

Malicious Package in evil-package

All versions of evil-package contain malicious code. The package uploads the contents of process.env to example.com/log.

Remove the package from your environment. Given the host where the information was uploaded to there is no further indication of compromise.

Наименование

evil-package

npm

Затронутые версииВерсия исправления

>= 0.0.0

Отсутствует

CWE-506

CWE-506